Security practices in DevOps

A. Rahman, L. Williams
Proceedings of the Symposium and Bootcamp on the Science of Security. Published 2016-04-19. DOI: 10.1145/2898375.2898383 (https://doi.org/10.1145/2898375.2898383)
Citations: 14

Abstract

DevOps focuses on collaboration between different teams in an organization to achieve rapid deployment of software and services to end-users by automating the software delivery infrastructure. According to Dyck et al. [1], DevOps is a software process that emphasizes collaboration within and between different teams involved in software development. According to a study from CA Technologies [5], 88% of 1425 organization executives stated that they have adopted DevOps, or are planning to adopt DevOps in the next five years. According to Puppet Labs' 2015 State of DevOps Report [2], organizations that have adopted DevOps experienced 60 times fewer failures and deployed 30 times more frequently than organizations that have not adopted DevOps. Despite this popularity, the security aspects of DevOps remain a concern for organizations that want to adopt it [5]. In organizations that use DevOps practices, developers can commit and deploy their software changes at a rapid rate using an automated pipeline. At such a rate, if the security team operates in isolation, without close collaboration with the development and operations teams, the rapidly deployed software changes might not undergo adequate security reviews, potentially leading to vulnerable software. Bringing security principles into the DevOps process can help the organization achieve better software quality by integrating security checks into the phases of development, testing, and deployment.